From 8c3d3bf6db1495ffa1863139492a5058b338975a Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Thu, 2 May 2024 22:33:47 +0200
Subject: [PATCH] monitoring: warn if no deploy for 10 days
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
this is not entirely accurate — the lastModified attribute of a flake's self-input gives the date of the last commit, not the last deploy. But I figure it's close enough and less obscure to check than reading in the last date via nix-env. inspired by: we did no server updates for two weeks.
---
 modules/buildinfo.nix | 1 +
 parsons/monit.nix | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/modules/buildinfo.nix b/modules/buildinfo.nix
index 550d2be..c52b3cf 100644
--- a/modules/buildinfo.nix
+++ b/modules/buildinfo.nix
@@ -25,4 +25,5 @@ in
 # used by monit
 environment.etc."haccfiles-commit".text = self.rev or self.dirtyRev;
+ environment.etc."haccfiles-timestamp".text = builtins.toString self.lastModified;
 }
diff --git a/parsons/monit.nix b/parsons/monit.nix
index c671db8..bb1af96 100644
--- a/parsons/monit.nix
+++ b/parsons/monit.nix
@@ -22,6 +22,20 @@ let
 exit 1
 end
 '';
+
+ checkDeployAge = pkgs.writeScriptBin "check-deploy-age" ''
+ #!${lib.getExe pkgs.fish}
+
+ set date (date +%s)
+ # we do this indirection here so monit's config won't change on each deploy
+ set deploytimestamp (cat /etc/haccfiles-timestamp)
+ set age (expr $date - $deploytimestamp)
+
+ if test $age -ge (expr 3600 \* 24 \* 10)
+ echo "${config.networking.hostName} has not been deployed since 10 days, perhaps someone should do updates?"
+ exit 1
+ end
+ '';
 in
 {
 mailserver.monitoring = {
@@ -43,5 +57,8 @@ in
 check program is-system-running path ${pkgs.systemd}/bin/systemctl is-system-running
 if status != 0 then alert
+
+ check program check-deploy-age path ${lib.getExe checkDeployAge}
+ if status == 1 then alert
 '';
 }
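Review bot: The new `check-deploy-age` script appears to fail open. If `/etc/haccfiles-timestamp` is missing or empty, or `date`/`cat`/`expr` cannot be resolved in the environment monit runs it in, `$age` ends up empty, the `test $age -ge …` condition errors out as false, and the script falls through with exit status 0, so a broken staleness check looks the same as a recent deploy. Validating the value right after it is read would turn that case into an alert, e.g. `string match -qr '^[0-9]+$' -- "$deploytimestamp"; or exit 1`. Referencing the tools by store path (for example `${pkgs.coreutils}/bin/date`) would remove the dependence on PATH; whether monit's PATH already provides them is not visible from this hunk. The enclosing `let` block starts outside the hunk.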
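Review bot: `if status == 1 then alert` fires only on exit code 1, whereas the `is-system-running` check directly above alerts on `status != 0`. Any other failure of the new program (a non-1 exit from the interpreter or a helper, for instance) would pass without an alert, which is the wrong default for a check meant to catch missed updates. Suggest `if status != 0 then alert` so both checks treat every non-zero exit as a problem. The monit configuration string these lines sit in starts outside the hunk.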